nShield Solo XC F3 & nShield Solo XC F3 for nShield Connect XC and for nShield HSMi Non-proprietary Security Policy for FIPS 140-2 Level 3

| Variant name | Marketing model number | Firmware version |
|---|---|---|
| nShield Solo XC F3 | nC4035E-000 | 12.72.1; 12.72.3 |
| nShield Solo XC F3 for nShield Connect XC and for nShield HSMi | nC4335N-0001 | |

| Security requirements section | Level |
|---|---|
| Cryptographic Module Specification | 3 |
| Module Ports and Interfaces | 3 |
| Roles, Services and Authentication | 3 |
| Finite State Model | 3 |
| Physical Security | 3 |
| Operational Environment | N/A |
| Cryptographic Key Management | 3 |
| EMI/EMC | 3 |
| Self-Tests | 3 |
| Design Assurance | 3 |
| Mitigation of Other Attacks | N/A |

| CSP | Type | Description | Generation | Input | Output | Storage | Zeroization |
|---|---|---|---|---|---|---|---|
| KRE - Recovery Confidentiality Key | RSA 3072-bit | Key used to protect recovery keys (KR). • KTS cert #A1931 | DRBG | Load Blob - encrypted with LT | Make Blob - encrypted with LT | Ephemeral, stored in volatile RAM. | Initialize Unit |
| KR - Recovery Key | AES 256-bit | Key used to derive (using SP 800-108 KDF in counter mode) the keys Ke (AES 256-bit) and Km (HMAC-SHA256) that protect an archive copy of an application key. • AES cert #A1931 | DRBG | Load Blob - encrypted with KRE | Make Blob - encrypted with KRE | Ephemeral, stored in volatile RAM. | Initialize Unit, Clear Unit, power cycle or reboot. |
| Impath session keys | AES 256-bit in CBC mode. Integrity with HMAC SHA-256. | Used for secure channel between two modules. It consists of a set of four session keys used in an Impath session for encryption, decryption, MAC generation and MAC validation. • AES cert #A1931 • HMAC cert #A1931 | 3072-bit DH key exchange | No | No | Ephemeral, stored in volatile RAM. | Clear Unit, new session, power cycle or reboot. |
| KJSO - JSO key | DSA 3072-bit | nShield Junior Security Officer key used with its associated certificate to perform the operations allowed by the NSO. • DSA cert #A1931 | DRBG | Load Blob - encrypted with LT | Make Blob - encrypted with LT | Ephemeral, stored in volatile RAM. | Destroy, Initialize Unit, Clear Unit, power cycle or reboot. |
| KA - Application key | AES 128, 192, 256 bits; HMAC with key sizes >= 112 bits; RSA with key sizes >= 2048 bits; DSA, DH with key sizes >= 2048 bits; ECDSA, ECDH, EC MQV with curves: • P-224, P-256, P-384, P-521 • K-233, K-283, K-409, K-571 • B-233, B-283, B-409, B-571 • Brainpool | Keys associated with a user to perform cryptographic operations, that can be used with one of the following validated algorithms: • AES and KTS cert #A1931 • HMAC cert #A1931 • RSA cert #A1931 • DSA cert #A1931 • ECDSA cert #A1931 • Key Agreement (KAS) cert #A1931 • KBKDF cert #A1931 • KTS cert #A1931 | DRBG | Load Blob - encrypted with LT or KR | Make Blob - encrypted with LT or KR | Ephemeral, stored in volatile RAM. | Destroy, Initialize Unit, Clear Unit, power cycle or reboot |
| KM - Module Key | AES 256-bit | Key used to protect logical tokens and associated module Key Blobs. • AES cert #A1931 | DRBG | Load Blob - encrypted with LT | Make Blob - encrypted with LT | Non-volatile memory | Initialize Unit |
| KML - Module Signing Key | DSA 3072-bit | Module Signing Key used by the module to sign key generation and module state certificates. When the nShield module is initialized, it automatically generates this key that it uses to sign certificates using DSA with SHA-256. This key is only ever used to verify that a certificate was generated by a specific module. • DSA cert #A1931 | DRBG | No | No | Non-volatile memory | Initialize Unit |
| KNSO - NSO key | DSA 3072-bit | nShield Security Officer key used for NSO authorisation and Security World integrity. Used to sign Delegation Certificates and to directly authorize commands during recovery operations. • DSA cert #A1931 | DRBG | Load Blob - encrypted with LT | Make Blob - encrypted with LT | Ephemeral, stored in volatile RAM. | Destroy, Initialize Unit, Clear Unit, power cycle or reboot. |
| LT - Logical Token | AES 256-bit | Key used to derive the keys that are used to protect token protected key blobs. Logical Tokens are split in shares (encrypted with Share Key) between one or more smartcards or a softcard, using the Shamir Secret Sharing scheme. • AES cert #A1931 • KBKDF cert #A1931 • HMAC cert #A1931 | DRBG | Read Share - encrypted with Share Key | Write Share - encrypted with Share Key | Ephemeral, stored in volatile RAM. | Destroy, Initialize Unit, power cycle or reboot |
| Share Key | AES 256-bit | Protects a share when written to a smartcard or softcard. This key is used to derive (using SP 800-108 AES CTR KDF) the keys Ke (AES 256-bit) and Km (HMAC-SHA256) that wrap the share. • AES cert #A1931 • KBKDF cert #A1931 • HMAC cert #A1931 | DRBG | No | No | Ephemeral, stored in volatile RAM. | N/A |
| Remote Administration session keys | AES 256-bit in CBC mode. Integrity with CMAC | Used for secure channel between the module and a smartcard. This is a set of four AES 256-bit session keys, namely Km-e (for encrypting data sent to the smartcard), Kc-e (for decrypting data from the smartcard), Km-a (for CMAC generation) and Kc-a (for CMAC verification). • AES cert #A1931 | ECDH P-521 key agreement | No | No | Ephemeral, stored in volatile RAM. | Clear Unit, new session, power cycle or reboot. |
| KAL - Key Audit Logging | DSA 3072-bit | Used for signing the log trail. • DSA cert #A1931 | DRBG | No | No | Non-volatile memory | Initialize Unit |
| DRBG internal state | Hash_DRBG | The module uses the Hash_DRBG with SHA-256 compliant with SP800-90A. • Hash DRBG cert #A1931 | Entropy source | No | No | Ephemeral, stored in volatile RAM. | Clear Unit, power cycle or reboot. |
| DRBG entropy input | 344 bits | Entropy input string used to initialize and re-seed the DRBG. | Entropy source | No | No | Ephemeral, stored in volatile RAM. | Clear Unit, power cycle or reboot. |
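The KR and Share Key rows describe deriving an encryption key Ke and a MAC key Km from one 256-bit key with the SP 800-108 KDF in counter mode. The following is an added example, not Entrust code, of that derivation followed by MAC checking of a wrapped blob. Assumptions: HMAC-SHA256 as the PRF, 32-bit counter and length fields, and the label, context strings, sample key and sample blob, all of which are constructed here because the page does not give them.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not real key material).
SAMPLE_SHARE_KEY = bytes(range(32))                # stands in for a 256-bit Share Key or KR
SAMPLE_BLOB = b"constructed ciphertext bytes"      # stands in for an encrypted share
LABEL = b"example-wrap-v1"                         # hypothetical label

MAX_OUT_LEN = (2**32 - 1) // 8                     # [L] is encoded as a 32-bit bit count


def kbkdf_counter_hmac_sha256(key_in, label, context, out_len):
    """SP 800-108 KDF in counter mode with HMAC-SHA256 as the PRF (assumed PRF).

    K(i) = PRF(K_I, [i]_32 || Label || 0x00 || Context || [L]_32), L in bits.
    """
    if not 0 < out_len <= MAX_OUT_LEN:
        raise ValueError("output length out of range")
    h_len = hashlib.sha256().digest_size
    blocks = -(-out_len // h_len)                  # ceiling division
    l_field = struct.pack(">I", out_len * 8)
    out = b""
    for i in range(1, blocks + 1):
        fixed = struct.pack(">I", i) + label + b"\x00" + context + l_field
        out += hmac.new(key_in, fixed, hashlib.sha256).digest()
    return out[:out_len]


def derive_wrap_keys(parent_key, purpose):
    """Derive Ke (32 bytes, AES-256 size) and Km (32 bytes, HMAC-SHA256 key).

    `purpose` is a hypothetical context string that separates uses of the
    same parent key, e.g. wrapping a share versus archiving a key.
    """
    if len(parent_key) != 32:
        raise ValueError("parent key must be 256 bits")
    okm = kbkdf_counter_hmac_sha256(parent_key, LABEL, purpose, 64)
    return okm[:32], okm[32:]


def mac_blob(km, ciphertext):
    """Integrity tag over the encrypted blob, keyed with Km only."""
    return hmac.new(km, ciphertext, hashlib.sha256).digest()


def verify_blob(km, ciphertext, tag):
    """Constant-time tag check; reject before any decryption with Ke."""
    return hmac.compare_digest(mac_blob(km, ciphertext), tag)


if __name__ == "__main__":
    ke, km = derive_wrap_keys(SAMPLE_SHARE_KEY, b"share-wrap")
    tag = mac_blob(km, SAMPLE_BLOB)
    print("Ke and Km differ:", ke != km)
    print("intact blob accepted:", verify_blob(km, SAMPLE_BLOB, tag))
    print("tampered blob accepted:", verify_blob(km, SAMPLE_BLOB[:-1] + b"\x00", tag))
```

Because the requested length L is part of the PRF input, a 32-byte derivation is not a prefix of a 64-byte derivation from the same key, label and context.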
| Public Key | Type | Description | Generation | Input | Output | Storage |
|---|---|---|---|---|---|---|
| Firmware Integrity key (KFI) | ECDSA P-521 | Public key used to ensure the integrity of the firmware during boot. The module validates the signature before new firmware is written to non-volatile storage. • ECDSA 805 | At Entrust | Firmware update | No | In firmware |
| KJWAR | ECDSA P-521 | Entrust root warranting public key for Remote Administrator Cards and Remote Operator Cards • ECDSA cert #A1931 | At Entrust | Firmware update | None | Persistent storage in plaintext inside the module (EEPROM) |
| Application keys public key | See description | Public keys associated with private Application keys: • RSA cert #A1931 • DSA cert #A1931 • ECDSA cert #A1931 • Key Agreement (KAS) cert #A1931 • KTS cert #A1931 | At creation of the application key | Load Blob - encrypted with LT | Key export | Stored in the key blob of the application key |
| KJSO public key | DSA 3072-bit | Public key associated to KJSO • DSA cert #A1931 | At creation of the KJSO | Load Blob - encrypted with LT | Key export | Public key hash stored in the module persistent storage |
| KNSO public key | DSA 3072-bit | Public key associated to KNSO • DSA cert #A1931 | At creation of the KNSO | Load Blob - encrypted with LT | Key export | Public key hash stored in the module persistent storage |
| KML public key | DSA 3072-bit | Public key associated to KML • DSA cert #A1931 | At creation of KML | No | Key export | Public key hash stored in the module persistent storage |
| KAL public key | DSA 3072-bit | Public key associated to KAL • DSA cert #A1931 | At creation of KAL | No | Included in the audit trail | Public key hash stored in the module persistent storage |
| KRE public key | RSA 3072-bit | Public key associated to KRE • KTS cert #A1931 | At creation of the KNSO | Load Blob - encrypted with LT | Key export | Stored in a key blob |
| FET public key | DSA 1024-bit | Feature Enable Tool (FET) public key used to verify FET certificates • DSA cert #A1931 | At Entrust | Firmware update | No | Persistent storage in plaintext inside the module (EEPROM) |
| Impath DH public key | DH 3072-bit | Public key from peer used in the Impath DH key agreement. • KAS cert #A1931 | No | Loaded with Cmd_ImpathKXFinish | No | Ephemeral, stored in volatile RAM. |
| Remote Administration ECDH public key | NIST P-521 | Public key from peer used in the Remote Administration ECDH key agreement. • KAS cert #A1931 | No | Loaded with Cmd_DynamicSlotExchangeAPDUs | No | Ephemeral, stored in volatile RAM. |

| Cert # | Algorithm and mode | Standard | Key sizes | Use |
|---|---|---|---|---|
| A1931 | Advanced Encryption Standard (AES) • ECB • CBC • CTR • GCM | FIPS 197; SP800-38A; SP800-38D | 128 bits; 192 bits; 256 bits | Data encryption/decryption |
| A1931 | KTS • AES Key Wrapping (AES KW) • AES Key Wrapping with Padding (AES KWP) • AES GCM | SP800-38F; SP800-38D | 128 bits; 192 bits; 256 bits | Key wrapping/unwrapping |
| A1931 | KTS • RSA OAEP | SP 800-56Brev2 | 2048 bits; 3072 bits; 4096 bits. Caveat: Cert. #A1931 key establishment methodology provides between 112 and 152 bits of encryption strength. | Key transport (encapsulation, un-encapsulation) |
| A1931 | RSA • PKCS#1 v1.5 • PSS | FIPS 186-4 | 1024 bits (verification only); 2048 bits; 3072 bits; 4096 bits | Key generation; Signature generation and verification |
| A1931 | Elliptic Curve Digital Signature Algorithm (ECDSA) | FIPS 186-4 | • NIST P-224, P-256, P-384, P-521 • NIST K-233, K-283, K-409, K-571 • NIST B-233, B-283, B-409, B-571 | Signature generation and verification |
| A1931 | Digital Signature Algorithm (DSA) | FIPS 186-4 | L = 1024 bits, N = 160 bits (verification only); L = 2048 bits, N = 224 bits; L = 2048 bits, N = 256 bits; L = 3072 bits, N = 256 bits | Signature generation and verification |
| A1931 | HMAC-SHA1; HMAC-SHA2 | FIPS 198-1 | >= 112 bits | MAC generation and verification |
| A1931 | Advanced Encryption Standard (AES) • CMAC | SP800-38B | 128 bits; 192 bits; 256 bits | MAC generation and verification |
| A1931 | KAS-FFC • Diffie-Hellman (DH) | SP 800-56Arev3 | MODP-2048; MODP-3072; MODP-4096; MODP-6144; MODP-8192; FB; FC | Key establishment |
| A1931 | KAS-ECC • Elliptic Curve Diffie-Hellman (ECDH) | SP 800-56Arev3 | • NIST P-224, P-256, P-384, P-521 • NIST K-233, K-283, K-409, K-571 • NIST B-233, B-283, B-409, B-571 | Key establishment |
| A1931 | KAS-ECC • Elliptic Curve Menezes–Qu–Vanstone (ECMQV) | SP 800-56Arev3 | • NIST P-224, P-256, P-384, P-521 • NIST K-233, K-283, K-409, K-571 • NIST B-233, B-283, B-409, B-571 | Key establishment |
| A1931 | Key Based KDF (KBKDF): • counter mode | SP 800-108 | n/a | Key derivation |
| A1931 | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | FIPS 180-4 | n/a | Message digest |
| A1931 | Hash-based DRBG | SP 800-90A | n/a | Random bit generation |
| ENT (P) | Hardware based entropy source. This cryptographic module has been validated for compliance with NIST SP 800-90B. Based on noise source testing and analysis, the estimated minimum amount of entropy per the source output bit is about 0.915 bits. The overall amount of generated entropy meets the required security strength of 256 bits based on the entropy per bit and amount of entropy requested by the module. | SP800-90B | n/a | Random bit generation |
| Vendor affirmed | CKG | SP800-133 | Symmetric keys are generated using the unmodified output of the approved DRBG. | Key generation |
| Bootloader | | | | |
| SHS 3130 | SHA-256, SHA-512 | FIPS 180-4 | n/a | Message digest |
| ECDSA 805 | Elliptic Curve Digital Signature Algorithm (ECDSA) | FIPS 186-4 | NIST P-521 | Signature verification |

| Cert # | Algorithm and mode | Standard | Key sizes | Use |
|---|---|---|---|---|
| A1931 | Elliptic Curve Digital Signature Algorithm (ECDSA) using non-NIST elliptic curves | FIPS 186-4; RFC 5639 | • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) | Signature generation and verification |
| A1931 | EC Diffie-Hellman using non-NIST elliptic curves | SP 800-56Arev3; RFC 5639 | • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) | Key establishment |
| A1931 | EC MQV using non-NIST elliptic curves | SP 800-56Arev3; RFC 5639 | • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) | Key establishment |

Algorithm

Symmetric encryption and decryption
• DES
• Triple DES encryption, MAC generation
• AES GCM with externally generated IV
• AES CBC MAC
• Aria
• Camellia
• Arc Four (compatible with RC4)
• CAST 256 (RFC2612)
• SEED (Korean Data Encryption Standard)

Asymmetric
• KTS-OAEP-basic with SHA-256 with key size less than 2048 bits
• ElGamal (encryption using Diffie-Hellman keys)
• KCDSA (Korean Certificate-based Digital Signature Algorithm)
• RSA digital signature generation with SHA-1 or key size less than 2048 bits
• DSA digital signature generation with SHA-1 or key size less than 2048 bits
• ECDSA digital signature generation with SHA-1 or curves P-192, K-163, B-163
• DH with key size p < 2048 bits or q < 224 bits, or non-compliant with SP800-56Arev3
• ECDH with curves P-192, K-163, B-163, or non-compliant with SP800-56Arev3
• EC MQV with curves P-192, K-163 or B-163, or non-compliant with SP800-56Arev3
• Deterministic DSA compliant with RFC6979
• Ed25519 public-key signature
• X25519 key exchange
• ECIES encryption/wrapping and decryption/unwrapping
• ECKA-EG key agreement

Hash
• HAS-160
• MD5
• RIPEMD-160
• Tiger

Message Authentication Codes
• HMAC with MD5, RIPEMD-160 and Tiger
• HMAC with key size less than 112 bits

Other
• PKCS#8 padding
• EMV support: Cryptogram (ARQC) generation and verification (includes EMV2000, M/Chip 4 and Visa Cryptogram Version 14, EMV 2004, M/Chip 2.1, Visa Cryptogram Version 10)
• Watchword generation and verification
• Hyperledger client side KDF

| Authentication mechanism | Type of authentication | Strength of Mechanism |
|---|---|---|
| Smartcard | Identity based | A logical token share stored in a Smartcard or Softcard is encrypted and MAC'ed. An attacker would need to guess the encrypted share value and the associated MAC in order to be able to load a valid Logical token share into the module. This requires, as a minimum, guessing a 256-bit HMAC-SHA256 value, which gives a probability of 2^-256. This probability is less than 10^-6. The module can process around 2^16 commands per minute. This gives a probability of success in a one minute period of 2^-240, which is less than 10^-5. |
| Softcard | Identity based | |

| Service | Description | Authorized roles | Access | CSPs |
|---|---|---|---|---|
| Big number operation: Cmd_BignumOp | Performs an operation on a large integer. | Unauthenticated | - | None |
| Make Blob: Cmd_MakeBlob | Creates a Key blob containing the key. Note that the key ACL needs to authorize the operation. | User / JSO / NSO | W | KA, KRE, KR, KJSO, KM, KNSO, LT |
| Buffer operations: Cmd_CreateBuffer, Cmd_LoadBuffer | Mechanism for loading of data into the module volatile memory. The data can be loaded in encrypted form which can be decrypted inside the module with a key that has been previously loaded. | Unauthenticated | R | KA |
| Bulk channel: Cmd_ChannelOpen, Cmd_ChannelUpdate | Provides a bulk processing channel for encryption / decryption, MAC generation / verification and signature generation / verification. | User | R | KA |
| Check User Action: Cmd_CheckUserAction | Determines whether the ACL associated with a key allows a specific operator defined action. | User / JSO / NSO | R | KNSO, KJSO; KA |
| Clear Unit: Cmd_ClearUnit | Zeroises all keys, tokens and shares that are loaded into the module. Will cause the module to reboot and perform self-tests. | Unauthenticated | Z | KA, KR, Impath keys, KJSO, remote administration session keys |
| Set Module Key: Cmd_SetKM | Allows a key to be stored internally as a Module key (KM) value. The ACL needs to authorize this operation. | NSO | W | KM |
| Remove Module Key: Cmd_RemoveKM | Deletes a given KM from non-volatile memory. | NSO | Z | KM |
| Duplicate key handle: Cmd_Duplicate | Creates a second instance of a Key with the same ACL and returns a handle to the new instance. Note that the source key ACL needs to authorize this operation. | User / JSO / NSO | R | KA |
| Enable feature: Cmd_StaticFeatureEnable | Enables the service. This service requires a certificate signed by the Master Feature Enable key. | Unauthenticated | - | None |
| Encryption / decryption: Cmd_Encrypt, Cmd_Decrypt | Encryption and decryption using the provided key handle. | User | R | KA |
| Erase from smartcard / softcard: Cmd_EraseFile, Cmd_EraseShare | Removes a file or a share from a smartcard or softcard. | NSO / JSO / User | - | None |
| Format Token: Cmd_FormatToken | Formats a smartcard or a softcard. | NSO / JSO | - | None |
| File operations: Cmd_FileCopy, Cmd_FileCreate, Cmd_FileErase, Cmd_FileOp | Performs file operations in the module. | NSO / JSO | - | None |
| Firmware Authenticate: Cmd_FirmwareAuthenticate | Reports firmware version, using a zero knowledge challenge response protocol based on HMAC. The protocol generates a random value to use as the HMAC key. Note: in FIPS Level 3 mode this service is not available. | Unauthenticated | - | None |
| Force module to fail: Cmd_Fail | Causes the module to enter a failure state. | Unauthenticated | - | None |
| Foreign Token open: Cmd_ForeignTokenOpen | Opens a channel for direct data access to a Smartcard. Requires Feature Enabled. | NSO / JSO | - | None |
| Foreign Token command: Cmd_ForeignTokenCommand | Sends an ISO-7816 command to a smartcard over the channel opened by ForeignTokenOpen. | Unauthenticated | - | None |
| Firmware Update: Cmd_Maintenance, Cmd_ProgrammingBegin, Cmd_ProgrammingBeginChunk, Cmd_ProgrammingLoadBlock, Cmd_ProgrammingEndChunk, Cmd_ProgrammingEnd, Cmd_ProgrammingGetKeyList | Perform a firmware update. Restricted service to Entrust signed Firmware. | Unauthenticated | R | KFI |
| Generate prime number: Cmd_GeneratePrime | Generates a random prime number. | Unauthenticated | R, W | DRBG internal state |
| Generate random number: Cmd_GenerateRandom | Generates a random number from the Approved DRBG. | Unauthenticated | R, W | DRBG internal state |
| Get ACL: Cmd_GetACL | Get the ACL of a given key. | User | R | KA |
| Get key application data: Cmd_GetAppData | Get the application data field from a key. | User | R | KA |
| Get challenge: Cmd_GetChallenge | Get a random challenge that can be used in fresh certificates. | Unauthenticated | R, W | DRBG internal state |
| Get KLF2: Cmd_GetKLF2 | Get a handle to the Module Long Term (KLF2) public key. | Unauthenticated | - | None |
| Get Key Information: Cmd_GetKeyInfo, Cmd_GetKeyInfoEx | Get the type, length and hash of a key. | NSO / JSO / User | R | KA |
| Get module signing key: Cmd_GetKML | Get a handle to the KML public key. | Unauthenticated | R | KML |
| Get list of slot in the module: Cmd_GetSlotList | Get the list of slots that are available from the module. | Unauthenticated | - | None |
| Get Logical Token Info: Cmd_GetLogicalTokenInfo, Cmd_GetLogicalTokenInfoEx | Get information about a Logical Token: hash, state and number of shares. | NSO / JSO / User | R | LT |
| Get list of module keys: Cmd_GetKMList | Get the list of the hashes of all module keys and the KNSO. | Unauthenticated | R | KM, KNSO |
| Get module state: Cmd_GetModuleState | Returns unsigned data about the current state of the module. | Unauthenticated | - | None |
| Get real time clock: Cmd_GetRTC | Get the current time from the module Real Time Clock. | Unauthenticated | - | None |
| Get share access control list: Cmd_GetShareACL | Get the Share's ACL. | NSO / JSO / User | R | Share Key |
| Get Slot Information: Cmd_GetSlotInfo | Get information about shares and files on a Smartcard that has been inserted in a module slot. | Unauthenticated | - | None |
| Get Ticket: Cmd_GetTicket | Get a ticket (an invariant identifier) for a key. This can be passed to another client or to a SEE World which can redeem it using Redeem Ticket to obtain a new handle to the object. | NSO / JSO / User | - | None |
| Initialize Unit: Cmd_InitializeUnit, Cmd_InitializeUnitEx | Causes a module in the pre-initialization state to enter the initialization state. When the module enters the initialization state, it erases all Module keys (KM), the module's signing key (KML), and the hash of the Security Officer's keys, HKNSO. It then generates a new KML and KM. | Unauthenticated | Z | KA, KRE, KR, KJSO, KM, KAL, KML, KNSO, LT |
| Insert a Softcard: Cmd_InsertSoftToken | Allocates memory on the module that is used to store the logical token share and other data objects. | Unauthenticated | R | Share Key |
| Remove a Softcard: Cmd_RemoveSoftToken | Removes a Softcard from the module. It returns the updated shares and deletes them from the module's memory. | Unauthenticated | Z | Share Key |
| Impath secure channel: Cmd_ImpathGetInfo, Cmd_ImpathKXBegin, Cmd_ImpathKXFinish, Cmd_ImpathReceive, Cmd_ImpathSend | Support for Impath secure channel. Requires Feature Enabled. | NSO / JSO / User | R, W | KML, Impath keys |
| Key generation: Cmd_GenerateKey, Cmd_GenerateKeyPair | Generates a cryptographic key of a given type with a specified ACL. It returns a handle to the key. Optionally, it returns a KML signed certificate with the hash of the key and its ACL information. | NSO / JSO | R, W | KML, DRBG internal state, KA, KJSO, |
| Key import: Cmd_Import | Loads a plain text key into the module. If the module is initialized in FIPS level 3 mode, this service is available for public keys only. | NSO / JSO | R | KA, KJSO |
| Derive Key: Cmd_DeriveKey | Performs key wrapping, unwrapping, transport, exchange and derivation. The ACL needs to authorize this operation. | NSO / JSO / User | R, W | KA, KJSO |
| Load Blob: Cmd_LoadBlob | Load a Key blob into the module. It returns a handle to the key suitable for use with module services. | NSO / JSO / User | W | KA, KRE, KR, KJSO, KM, KNSO |
| Load Logical Token: Cmd_LoadLogicalToken | Initiates loading a Logical Token from Shares, which can be loaded with the Read Share command. | Unauthenticated | - | None |
| Generate Logical Token: Cmd_GenerateLogicalToken | Creates a new Logical Token with given properties and secret sharing parameters. | NSO / JSO | W | KM, LT, KJSO |
| Message digest: Cmd_Hash | Computes the cryptographic hash of a given message. | Unauthenticated | - | None |
| Modular Exponentiation: Cmd_ModExp, Cmd_ModExpCrt, Cmd_RSAImmedVerifyEncrypt, Cmd_RSAImmedSignDecrypt | Performs a modular exponentiation (standard or CRT) on values supplied with the command. | Unauthenticated | - | None |
| Module hardware information: Cmd_ModuleInfo | Reports detailed hardware information. | Unauthenticated | - | None |
| No Operation: Cmd_NoOp | No operation. | Unauthenticated | - | None |
| Change Share Passphrase: Cmd_ChangeSharePIN, Cmd_ChangeShareGroupPIN | Updates the passphrase of a Share. | NSO / JSO / User | R, W | Share Keys |
| NVRAM Allocate: Cmd_NVMemAllocate | Allocation in NVRAM. | NSO / JSO | - | None |
| NVRAM Free: Cmd_NVMemFree | Deallocation from NVRAM. | NSO / JSO | - | None |
| Operation on NVM list: Cmd_NVMemList | Returns a list of files in NVRAM. | Unauthenticated | - | None |
| Operation on NVM files: Cmd_NVMemOp | Operation on an NVRAM file. | Unauthenticated | | None |
| Key export: Cmd_Export | Exports a key in plain text. Note: in FIPS level 3 mode, only public keys can be exported. | NSO / JSO / User | R | KA |
| Pause for notifications: Cmd_PauseForNotifications | Wait for a response from the module. | Unauthenticated | | None |
| Read file: Cmd_ReadFile | Reads data from a file on a Smartcard or Softcard. The ACL needs to authorize this operation. | NSO / JSO | - | None |
| Read share: Cmd_ReadShare | Reads a share from a Smartcard or Softcard. Once a quorum of shares have been loaded, the module re-assembles the Logical Token. | NSO / JSO / User | R | Share Keys, LT |
| Send share to remote slot: Cmd_SendShare | Reads a Share and encrypts it with the Impath session keys for transmission to the peer module. | NSO / JSO / User | R | Impath Keys, Share Keys |
| Receive share from remote slot: Cmd_ReceiveShare | Receives a Share encrypted with the Impath session keys by a remote module. | NSO / JSO / User | R | Impath Keys, Share Keys |
| Redeem Ticket: Cmd_RedeemTicket | Gets a handle in the current name space for the object referred to by a ticket created by Get Ticket. | NSO / JSO / User | - | None |
| Remote Administration: Cmd_DynamicSlotCreateAssociation, Cmd_DynamicSlotExchangeAPDUs, Cmd_DynamicSlotsConfigure, Cmd_DynamicSlotsConfigureQuery, Cmd_VerifyCertificate | Provides remote presentation of Smartcards using a secure channel between the module and the Smartcard. | NSO / JSO / User | R, W | Remote administration session keys |
| Destroy: Cmd_Destroy | Remove handle to an object in RAM. If the current handle is the only one remaining, the object is deleted from RAM. | Unauthenticated | Z | KA, KJSO, KNSO, LT |
| Report statistics: Cmd_StatGetValues, Cmd_StatEnumTree | Reports the values of the statistics tree. | Unauthenticated | - | None |
| Show Status: Cmd_NewEnquiry | Report status information. | Unauthenticated | - | None |
| Secure Execution Engine: Cmd_CreateSEEWorld, Cmd_GetWorldSigners, Cmd_SEEJob, Cmd_SetSEEMachine, Cmd_TraceSEEWorld | Creation and interaction with SEE machines. | NSO / JSO | - | None |
| Set ACL: Cmd_SetACL | Replaces the ACL of a given key with a new ACL. The ACL needs to authorize this operation. | NSO / JSO / User | W | KA |
| Set key application data: Cmd_SetAppData | Writes the application information field of a key. | User | W | KA |
| Set NSO Permissions: Cmd_SetNSOPerms | Sets the NSO key hash and which permissions require a Delegation Certificate. | NSO | - | None |
| Set real time clock: Cmd_SetRTC | Sets the Real-Time Clock value. | NSO / JSO | - | None |
| Signature generation: Cmd_Sign | Generate a digital signature or MAC value. | NSO / JSO / User | R | KA, KNSO, KJSO |
| Sign Module State: Cmd_SignModuleState | Returns a signed certificate that contains data about the current configuration of the module. | Unauthenticated | R | KML |
| Signature verification: Cmd_Verify | Verifies a digital signature or MAC value. | NSO / JSO / User | R | KA |
| Write file: Cmd_WriteFile | Writes a file to a Smartcard or Softcard. | NSO / JSO | - | None |
| Write share: Cmd_WriteShare | Writes a Share to a Smartcard or Softcard. | Unauthenticated | - | None |

new-world enquiry

active modes UseFIPSApprovedInternalMechanisms AlwaysUseStrongPrimes FIPSLevel3Enforcedv2 StrictSP80056Ar3

active modes UseFIPSApprovedInternalMechanisms FIPSLevel3Enforcedv2 StrictSP80056Ar3

| Algorithm | Description |
|---|---|
| Boot Loader | |
| SHA512 | Known Answer Test |
| ECDSA | Known Answer Test (verification only) with curve P-521 |
| Firmware | |
| AES | Known Answer Test: ECB encryption and decryption with 128, 192 and 256-bit keys |
| AES CMAC | Known Answer Test: 128-bit key |
| SHA1 | SHA1 KAT test, other sizes are tested along with KAT HMAC |
| HMAC | with SHA1, SHA224, SHA256, SHA384, SHA512 Known Answer Test |
| RSA | Known Answer Test: sign/verify, encrypt/decrypt with 2048-bit key. Pair-Wise consistency test: sign/verify |
| DSA | Known Answer Test: sign/verify with 2048-bit key. Pair-Wise consistency test: sign/verify |
| ECDSA | Pair-Wise consistency test: sign/verify with curves P-224 and B-233 |
| Key Agreement | Shared Secret Computation Known Answer Test DH |
| Key Agreement | Shared Secret Computation Known Answer Test for ECDH with curves P-384 and B-233 |
| One-step KDF | Known Answer Test with SHA-256 auxiliary function |
| Two-step KDF | Known Answer Test with HMAC-SHA256 auxiliary function |
| KBKDF | Known Answer Test |
| DRBG | Health Tests according to SP 800-90A |
| Other | |
| Entropy source | SP800-90B section 4.4 health tests: adaptive proportion test and repetition count test |
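The Logical Token entry in the CSP table says the token is split into shares with the Shamir Secret Sharing scheme, and the Read share service says the module re-assembles it once a quorum of shares is loaded. The following is an added example of that split and quorum recombination, not Entrust code. Assumptions: arithmetic in the prime field GF(2^521 - 1), integer share indexes starting at 1, and a constructed 256-bit sample token; the page does not state the module's field or share encoding.

```python
import secrets

# Assumption: the field is GF(PRIME) with the Mersenne prime 2**521 - 1,
# large enough to hold a 256-bit Logical Token as a single field element.
PRIME = 2**521 - 1

# Constructed sample token (not real key material).
SAMPLE_TOKEN = bytes(range(32, 64))


def split_secret(secret, threshold, share_count):
    """Split `secret` (bytes) into `share_count` points; any `threshold` recover it.

    The secret is the constant term of a random polynomial of degree
    threshold - 1; share x is the polynomial evaluated at x (x = 1..n).
    """
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    value = int.from_bytes(secret, "big")
    if value >= PRIME:
        raise ValueError("secret does not fit in the field")
    coeffs = [value] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):      # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, evaluate(x)) for x in range(1, share_count + 1)]


def recombine(points):
    """Lagrange interpolation at x = 0 over the supplied (x, y) shares.

    Returns the constant term as an integer. With fewer shares than the
    threshold the result is an unrelated field element, not an error, which
    is why each stored share also needs its own integrity check.
    """
    xs = [x for x, _ in points]
    if not points or len(set(xs)) != len(xs):
        raise ValueError("shares must be non-empty with distinct indexes")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = (num * -xm) % PRIME
                den = (den * (xj - xm)) % PRIME
        total = (total + yj * num * pow(den, -1, PRIME)) % PRIME
    return total


def token_from_shares(points, token_len=32):
    """Recombine and encode as bytes; raises if the value cannot be a token."""
    value = recombine(points)
    if value >= 1 << (8 * token_len):
        raise ValueError("recombined value is not a valid token (quorum not met?)")
    return value.to_bytes(token_len, "big")


if __name__ == "__main__":
    shares = split_secret(SAMPLE_TOKEN, threshold=3, share_count=5)
    print("3 of 5 recover token:", token_from_shares(shares[1:4]) == SAMPLE_TOKEN)
    expected = int.from_bytes(SAMPLE_TOKEN, "big")
    print("2 of 5 recover token:", recombine(shares[:2]) == expected)
```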